exploitDog

CVE-2017-1000385

Published: 12 Dec 2017
Source: debian
EPSS: High

Description

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| erlang | fixed | 1:20.1.7+dfsg-1 | | package |

Notes

  • https://github.com/erlang/otp/security/advisories/GHSA-mhm2-354q-3277

  • https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM

  • https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7)

  • https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4)

  • https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7)

  • https://robotattack.org/

EPSS

Percentile: 99%
0.83282
High

Related vulnerabilities

CVSS3: 5.9
ubuntu
about 8 years ago

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

CVSS3: 6.5
redhat
about 8 years ago

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

CVSS3: 5.9
nvd
about 8 years ago

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

CVSS3: 5.9
github
more than 3 years ago

The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).

CVSS3: 5.9
fstec
about 8 years ago

Vulnerability in the Erlang programming language interpreter related to information disclosure through a discrepancy, allowing an attacker to gain access to confidential data
